Computer Security
[EN] securityvulns.ru no-pyccku


VMWare vCenter Server / vSphere Client security vulnerabilities
Published:08.05.2011
Source:
SecurityVulns ID:11658
Type:remote
Threat Level:
5/10
Description:Directory traversal, information leakage.
Affected:VMWARE : ESX 4.0
 VMWARE : ESX 4.1
 VMWARE : vCenter Server 4.0
 VMWARE : vCenter Server 4.1
CVE:CVE-2011-1789 (The self-extracting installer in the vSphere Client Installer package in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, VMware ESXi 4.x before 4.1 Update 1, and VMware ESX 4.x before 4.1 Update 1 does not have a digital signature, which might make it easier for remote attackers to spoof the software distribution via a Trojan horse installer.)
 CVE-2011-1788 (vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1 allows local users to discover the SOAP session ID via unspecified vectors.)
 CVE-2011-0426 (Directory traversal vulnerability in vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before Update 1, and VMware VirtualCenter 2.5 before Update 6a, allows remote attackers to read arbitrary files via unspecified vectors.)
Original documentdocumentVMWARE, VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities (08.05.2011)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod